[HN Gopher] A hands-on introduction to static code analysis
___________________________________________________________________

A hands-on introduction to static code analysis

Author : dolftax
Score  : 105 points
Date   : 2020-05-04 17:54 UTC (5 hours ago)

(HTM) web link (deepsource.io)
(TXT) w3m dump (deepsource.io)

| flohofwoe wrote:
| Slightly tangential to what the article is about, but at least in
| the C/C++ world, the most important change to make static
| analysis popular for "the rest of us" was probably Xcode's
| decision to integrate clang analyzer right into the Xcode UI
| under a menu item (Xcode doesn't do many things right, but this
| is definitely one of the very good features).
|
| This way, analyzing the code is a simple "button press" and works
| out of the box on every Xcode project.
|
| Soon after, Microsoft followed suit in Visual Studio (even though
| in my experience, the MS analyzer doesn't catch quite as many
| things as the clang analyzer).
|
| Before that, static analyzers were those no doubt useful but
| obscure "magic tools" which were very hard to integrate into an
| existing build process.
|
| Even the most useful tool will be ignored when it is hard to use.

| saagarjha wrote:
| Somewhat annoyingly, the static analyzer that ships with Xcode
| doesn't seem to be packaged separately as in the command line
| tools...

| tasty_freeze wrote:
| Same with the profiling tools.

| flohofwoe wrote:
| Hmm, command-line clang accepts a --analyze option here
| ("Apple clang version 11.0.0"), and this seems to give
| additional output over the regular warnings. I'm not sure if
| that's the same thing as the analyzer integrated into Xcode,
| but some sort of static analyzer seems to be there.

| UncleMeat wrote:
| It's good to see discussions of static analysis, but I often feel
| that these blog posts do a disservice to the techniques.
| The post leads by mentioning applications like bugfinding and
| security vuln detection but the examples here are barely above
| local syntactic checks. This is the common scenario in the
| majority of blog posts I see about static analysis, probably
| because it is just much easier to put together a quick write up
| on AST-linting. Heck, this article has a diagram that directly
| states that an AST is the input to a static analysis module, but
| that is true only for some kinds of things!
|
| AST level analysis is certainly useful. Everybody should be using
| some sort of style checker. But AST pattern matching is a
| _completely_ different technique from the stuff used to do
| bugfinding that I worry that these blog posts will give the wrong
| impression about what static analysis can do and what it can't
| do.
|
| I'd love to see blog posts about interprocedural pointer
| analysis, for example.

| rj722 wrote:
| Article author here. Agree that the post merely touches the
| surface for static analysis -- because it was aimed towards an
| audience looking for an introduction to static analysis. The
| scope for the examples in this post had to be limited for this
| reason.
|
| Inter-procedural pointer analysis -- Yes, a lot trickier than
| these, but definitely juicier. Will try to write a post on it in
| the coming weeks.

| UncleMeat wrote:
| I think limiting the scope is fine in general. But one small
| suggestion would be to make it more clear that this is just
| one very simple technique. This does not come across at all
| in the blog post. The diagram you show, for example, seems to
| state that this is just how static analyses work - they are
| given ASTs to work with. Or at the very least include some
| examples of semantic properties. It seems incongruent when
| you describe static analysis as understanding the behavior of
| the program without running it and then use examples that are
| about syntactic style violations.
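An added example, not from the article or from any commenter, illustrating the distinction UncleMeat draws above: the same constructed Python snippet is checked once with an AST pattern match (every eval() call is reported) and once with a small intraprocedural taint analysis over straight-line code (only eval() calls whose argument is derived from a `request` parameter are reported). The sample program, the `request` source name and both checker functions are constructed for illustration.

```python
import ast

# Constructed sample (not from the article): the request-derived value
# reaches eval() only through an intermediate name, so a purely
# syntactic rule either flags both calls or neither.
SAMPLE = '''
def handler(request):
    raw = request.args["q"]
    expr = raw
    safe = "1 + 1"
    eval(safe)
    eval(expr)
'''

def names_in(node):
    """All variable names referenced anywhere under an AST node."""
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}

def is_eval_call(node):
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id == "eval")

def ast_check(src):
    """Syntactic (linting-style) rule: report the line of every eval() call."""
    return sorted(n.lineno for n in ast.walk(ast.parse(src)) if is_eval_call(n))

def taint_check(src, sources=("request",)):
    """Semantic rule: walk each function's statements in order, keep the set of
    names holding values derived from a tainted parameter, and report only
    eval() calls whose argument is tainted. Straight-line code only; branches
    and loops would need a proper dataflow fixpoint."""
    findings = []
    for func in (n for n in ast.parse(src).body if isinstance(n, ast.FunctionDef)):
        tainted = {a.arg for a in func.args.args if a.arg in sources}
        for stmt in func.body:
            if isinstance(stmt, ast.Assign):
                # Propagate taint through the assignment; a clean RHS kills it.
                for tgt in stmt.targets:
                    if isinstance(tgt, ast.Name):
                        if names_in(stmt.value) & tainted:
                            tainted.add(tgt.id)
                        else:
                            tainted.discard(tgt.id)
            elif isinstance(stmt, ast.Expr) and is_eval_call(stmt.value):
                call = stmt.value
                if call.args and names_in(call.args[0]) & tainted:
                    findings.append(call.lineno)
    return findings
```

On the sample, ast_check reports both eval() lines while taint_check reports only the one fed from the request, which is the gap between style checking and semantic bugfinding the thread is about.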
| onemoresoop wrote:
| The article is great and it is clear it is intended for
| beginners. Everything is explained as for beginners which is
| good. A second part is very welcome.

| itsspring wrote:
| I want to read more on this topic. Have you written about this
| anywhere, or do you have a pointer/suggestion?

| chas wrote:
| This article gets more into actual analysis of program state
| and execution: http://matt.might.net/articles/intro-static-analysis/
|
| If you want to go deeper, Principles of Program Analysis is a
| popular reference: https://www.amazon.com/dp/3540654100/

| saagarjha wrote:
| The kinds of analyses mentioned here are typically grouped under
| "linting"; more advanced static analysis tools will typically do
| things like dataflow analysis.

| dmos62 wrote:
| I too would be interested in interesting static code analyses
| (that are beyond linting).

| g_delgado14 wrote:
| Any beginner friendly articles on more advanced analysis that
| you'd recommend?

| jjtheblunt wrote:
| https://en.wikipedia.org/wiki/Static_single_assignment_form

| kaidon wrote:
| Maybe a bit tangential, but still interesting:
|
| https://cacm.acm.org/magazines/2010/2/69354-a-few-billion-li...

| pwaivers wrote:
| Thanks for this article, dolftax! I followed all the examples on
| my machine with no problem, and I learned some new stuff.
|
| I have a question: how difficult is it to implement the ast? It
| seems like that's the bulk of the work for this static code
| analysis.
___________________________________________________________________
(page generated 2020-05-04 23:00 UTC)